General
Target: 9821bd259525a3cae468c2bade973ec2.exe
Size: 587KB
Sample: 221101-nymgeacedr
MD5: 9821bd259525a3cae468c2bade973ec2
SHA1: 07097112545f1e61179bf9d5e5b590b6ee5d213f
SHA256: 6c9481335cdf4592ab8592c78b4520138888538f124cb6b6928503c274eefddd
SHA512: 2ac199c89999cdb51b76d4969d36f554101fc28144daee8e0be8a332899253cbbab107dd9890164a107ff488619fd454a5a94d0397a33b32ad54ebf6e7b9331a
SSDEEP: 12288:b1h77SsjAScLJopzdtZtGi6IKysie3fRDEpfsAIHn:HSC2etWIHePxEpfsAkn
Static task: static1
Behavioral task: behavioral1
Sample: 9821bd259525a3cae468c2bade973ec2.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 9821bd259525a3cae468c2bade973ec2.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
warzonerat
45.87.62.181:6532
Targets
Target
9821bd259525a3cae468c2bade973ec2.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext